Weaknesses of type CWE-668
205 results

CVE-2022-38599 | MEDIUM | Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web i | EPSS 0.8%
CVE-2023-25409 | HIGH | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets. | EPSS 0.8%
CVE-2022-32249 | — | Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to ga | EPSS 0.8%
CVE-2023-37911 | MEDIUM | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents | EPSS 0.8%
CVE-2022-39015 | — | Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | EPSS 0.8%
CVE-2022-45895 | MEDIUM | Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in | EPSS 0.7%
CVE-2019-1848 | CRITICAL | Cisco DNA Center Authentication Bypass Vulnerability | EPSS 0.7%
CVE-2024-22281 | HIGH | Apache Helix Front (UI): Helix front hard-coded secret in the express-session | EPSS 0.7%
CVE-2020-12142 | MEDIUM | IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials | EPSS 0.7%
CVE-2020-22647 | CRITICAL | An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. | EPSS 0.7%
CVE-2023-35696 | HIGH | Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the de | EPSS 0.7%
CVE-2026-34538 | MEDIUM | Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) | EPSS 0.7%
CVE-2026-28779 | HIGH | Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications | EPSS 0.7%
CVE-2020-15215 | MEDIUM | Context isolation bypass in Electron | EPSS 0.7%
CVE-2022-2882 | MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before | EPSS 0.7%
CVE-2022-44310 | HIGH | In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shar | EPSS 0.7%
CVE-2022-31596 | MEDIUM | Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObj | EPSS 0.7%
CVE-2024-35199 | HIGH | TorchServe gRPC Port Exposure | EPSS 0.6%
CVE-2026-44008 | CRITICAL | vm2: Sandbox breakout via `neutralizeArraySpeciesBatch` | EPSS 0.6%
CVE-2026-44009 | CRITICAL | vm2: Sandbox Breakout Through Null Proto Exception | EPSS 0.6%